OpenSSL

From the Arch Linux Chinese Wiki


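OpenSSL is an open-source implementation of the SSL and TLS protocols, designed to be as flexible as possible. It is supported on a variety of platforms, including BSD, Linux, OpenVMS, Solaris and Windows.

Warning: Collaborative research into OpenSSL protocol usage, published in May 2015, showed a significant risk for SSL connections, named "Logjam". See https://weakdh.org/ for the results and https://weakdh.org/sysadmin.html for the suggested server-side configuration.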

Installation

openssl is installed by default on Arch Linux (as a dependency of coreutils).

There are various OpenSSL library bindings available for developers:

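Configuration

On Arch Linux the OPENSSLDIR is /etc/ssl.

The OpenSSL configuration file is usually located at /etc/ssl/openssl.cnf and may look complicated at first glance. Note that variables can be expanded in assignments, much like in shell scripts. For a detailed explanation of the configuration file format, see config(5ssl).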

req section


Settings related to generating keys, requests and self-signed certificates.

The req section is responsible for the DN prompts. A common misconception concerns the Common Name (CN) prompt, which suggests that its value should be the user's proper name. End-user certificates need to have the machine hostname as CN, whereas a CA should not have a valid TLD, so that no combination of a certified end-user's CN and the CA certificate's CN can match and be misinterpreted by some software as meaning that the end-user certificate is self-signed. Some CA certificates do not even have a CN, for example Equifax:

$ openssl x509 -subject -noout < /etc/ssl/certs/Equifax_Secure_CA.pem
subject= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

Usage

Please read Transport Layer Security#Obtaining a certificate first.

Generate a Curve25519 private key

$ openssl genpkey -algorithm x25519 -out filename

Generate an ECDSA private key

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out filename

Generate an RSA private key

Use genpkey(1ssl), which replaces genrsa according to openssl(1ssl):

$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:keysize -out filename

If an encrypted key is needed, use the -aes-256-cbc option.

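Generate a certificate signing request

Use req(1ssl):

$ openssl req -new -sha256 -key private_key -out filename

Show a certificate signing request

Certificate signing requests are stored in an encoded format. To view the request in human-readable form:

$ openssl req -noout -text -in filename

Generate a self-signed certificate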

This article or section needs expansion.

Reason: This produces a certificate for the (root) Certificate Authority, which you are acting as. Most web browsers do not seem to accept CA certificates, deeming it necessary to request another certificate and sign it with the CA cert and CA key. The "Generate a certificate issued by own CA" procedure in this forum post is what seems to satisfy browsers. (Discuss in Talk:OpenSSL)

$ openssl req -key private_key -x509 -new -days days -out filename
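
The two-step procedure the note above refers to, as an added example (not from the wiki page or the forum post it mentions): a private CA certificate without a CN, and a host certificate signed by it. The function name demo_ca_issue, the host name, the file names and the 30-day validity are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: private CA plus a CA-signed host certificate.
# demo_ca_issue, the file names and the host name are constructed.
demo_ca_issue() {
    dir=$1; host=$2
    # Own req configuration, so the result does not depend on /etc/ssl/openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
O = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    cat > "$dir/leaf.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = $host
EOF
    # Extensions added at signing time: not a CA, bound to the host name.
    cat > "$dir/leaf.ext" <<EOF
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 1. CA key and self-signed CA certificate (subject has no CN).
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$dir/ca.key" &&
    openssl req -config "$dir/ca.cnf" -key "$dir/ca.key" -x509 -new -sha256 -days 30 -out "$dir/ca.pem" &&
    # 2. Host key and certificate signing request (CN is the host name).
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$dir/leaf.key" &&
    openssl req -config "$dir/leaf.cnf" -new -sha256 -key "$dir/leaf.key" -out "$dir/leaf.csr" &&
    # 3. Sign the request with the CA certificate and CA key.
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 30 -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" &&
    # 4. Check the chain and the host name against the private CA.
    openssl verify -CAfile "$dir/ca.pem" -verify_hostname "$host" "$dir/leaf.pem"
}
```

Only ca.pem is imported into a client's trust store; ca.key stays offline and leaf.pem with leaf.key goes to the server.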

Generate a self-signed certificate with private key in a single command

The key generation and certificate commands above can be combined into a single command, which may be convenient in some cases:

$ openssl req -x509 -newkey rsa:4096 -days days -keyout key_filename -out cert_filename

Generate Diffie–Hellman parameters

See Diffie–Hellman key exchange for more information.

Current best practice is to use one of the standard DH groups from RFC 7919, e.g. ffdhe2048.

Alternatively you can generate a random group of your own:

$ openssl dhparam -out filename 2048
Tip: To speed up generation, especially when not on high-end hardware, add the -dsaparam option [1].

Show certificate information

$ openssl x509 -text -in certificate_filename

Show certificate fingerprint

$ openssl x509 -noout -in certificate_filename -fingerprint -digest

-digest is optional and one of -md5, -sha1, -sha256, or -sha512. See "-digest" in x509(1ssl) § Input, Output, and General Purpose Options for when the digest is unspecified.

Convert certificate format

Use openssl x509 to convert certificates from binary (DER) format to PEM format (the text format with BEGIN CERTIFICATE headers):

$ openssl x509 -inform DER < myCA.crt > myCA_pem.crt

Use third-party providers

OpenSSL 3 introduced providers as a new concept for OpenSSL pluggability. It is possible to use algorithms not included in OpenSSL without having to recompile it. For example, to test the NIST Post-Quantum Cryptography algorithms, you can install the Open Quantum Safe provider oqsprovider (AUR). As an example, you can generate a quantum-safe self-signed certificate with private key using one of the variants of the Dilithium signature algorithm:

$ openssl req -provider oqsprovider -x509 -newkey dilithium3 -days days -keyout key -out cert

Troubleshooting

"bad decrypt" while decrypting

OpenSSL 1.1.0 changed the default digest algorithm for the dgst and enc commands from MD5 to SHA256. [2]

Therefore, if a file has been encrypted using OpenSSL 1.0.2 or older, trying to decrypt it with an up-to-date version may result in an error like:

error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:540

Supplying the -md md5 option should solve the issue:

$ openssl enc -d -md md5 -in encrypted -out decrypted
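
The mismatch described above can be reproduced locally. This added example (not part of the wiki page) encrypts a file with the MD5 digest that OpenSSL 1.0.2 used by default, then checks which -md value recovers it; the function name, file names, passphrase and the choice of -aes-256-cbc are assumptions.

```sh
#!/bin/sh
# Added example: reproduce the enc digest mismatch and find the working -md value.
# find_enc_digest, the file names, passphrase and cipher are constructed.
find_enc_digest() {
    dir=$1
    printf 'constructed sample plaintext\n' > "$dir/plain"
    printf 'constructed-passphrase\n' > "$dir/pass"
    # Encrypt with the key derivation digest an OpenSSL 1.0.2 default would use.
    openssl enc -aes-256-cbc -md md5 -pass "file:$dir/pass" \
        -in "$dir/plain" -out "$dir/encrypted" 2>/dev/null || return 1
    # Try the current default digest first, then the legacy one.
    for md in sha256 md5; do
        # The exit status alone is not enough: a wrong key can occasionally
        # pass the padding check, so the recovered content is compared too.
        if openssl enc -d -aes-256-cbc -md "$md" -pass "file:$dir/pass" \
               -in "$dir/encrypted" -out "$dir/decrypted" 2>/dev/null &&
           cmp -s "$dir/plain" "$dir/decrypted"; then
            echo "$md"
            return 0
        fi
    done
    return 1
}
```

The cipher given when decrypting has to match the one used for encryption; only the digest default changed between versions.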

Python 3.10 and "ca md too weak" errors

By default, Python 3.10 uses a hardcoded list of allowed OpenSSL ciphers. Some of the less secure ones, like MD5, have been disabled at the ssl module level, ignoring the system-wide configuration of OpenSSL. This sometimes results in strange errors on older certificates, sometimes even when establishing HTTPS connections, like:

requests.exceptions.SSLError: HTTPSConnectionPool(host='a.kind.of.example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(398, '[SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3862)')))

To make Python follow the system configuration, you may have to rebuild it, adding the --with-ssl-default-suites=openssl parameter to ./configure. The issue has also been reported as FS#73549.

See also